CVE-2024-8917

Published September 25th, 2024

View on NVD ↗

CVSS v3

6.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

AnWP Football Leagues

A complete solution for any ⚽ football site. Has a variety of unique features, powerful and flexible. Made with football in mind. ⏩ For other team sports (🏉 rugby, 🏀 basketball, 🏐 volleyball, 🏏 cricket, ⚾ baseball, 🏒 ice hockey, handball) use my another plugin – <a href="https://wordpress.org/plugins/sports-leagues/" rel="ugc">Sports Leagues</a> <h4>BASIC FEATURES</h4> ✅ intuitive admin UI ✅ knockout, round-robin or even mixed and multistaged Competition supported ✅ separate Club squad for every season (with player position, number, status) ✅ Match lineups, substitutes, stats, events (goals, cards, substitute, penalty shootout), video, staff, referees ✅ automatic Standing calculation (or manual) ✅ automatic Player statistic calculation based on Match events (playing time, goals, cards, etc.) ✅ initial data import for Clubs and Players with Excel-like spreadsheet ✅ custom colors in Standing table (for Clubs or places) ✅ flipped countdown timer for upcoming Matches ✅ initial points (+ or -) for Clubs in Standing table ✅ statistics at Player profile page ✅ stadiums with photo, gallery, additional information, map, matches ✅ widgets: Clubs, Matches, Cards, Next match, Player, Players (scorers or assistants), Standing table, Birthdays ✅ 16 different shortcodes with UI helper in Classic Editor ✅ template system (ability to override output layouts in your theme) ✅ RTL support ✅ works with most themes out of the box ✅ fully translatable from the Admin part ✅ tons of hooks for developers ✅ staff, referees, coaches, stadiums and much more … <h4>LINKS AND DOCUMENTATION</h4> <a href="https://fl-core.anwp.pro/" rel="nofollow ugc">Plugin Demo</a> | <a href="https://anwp.pro/the-most-powerfull-football-soccer-wordpress-plugin/" rel="nofollow ugc">Plugin Overview</a> <a href="https://anwppro.userecho.com/communities/1-football-leagues#module_9" rel="nofollow ugc">Online Documentation</a> | <a href="https://anwppro.userecho.com/knowledge-bases/2/articles/70-start-guide" rel="nofollow ugc">Start Guide</a> | <a href="https://anwppro.userecho.com/knowledge-bases/11-fl-changelog/categories/28-basic-version/articles" rel="nofollow ugc">Extended Changelog</a> | <a href="https://anwppro.userecho.com/knowledge-bases/2-football-leagues/categories/25-shortcodes/articles" rel="nofollow ugc">Available Shortcodes</a> <h4>PREMIUM VERSION AVAILABLE</h4> Want more? Football Leagues has also a <a href="https://anwp.pro/football-leagues-premium/" rel="nofollow ugc">Premium Addon</a> with many outstanding and unique features. <a href="https://fl-premium.anwp.pro/" rel="nofollow ugc">Premium Demo</a> | <a href="https://footballan.com/" rel="nofollow ugc">Real Website Example</a> <h4>PREMIUM FEATURES</h4> 🔶 Live Scores and Match Live Commentary with Events 🔶 Match Timeline 🔶 LIVE Search 🔶 Club match formation 🔶 Layout Builder (with tabs) 🔶 Match scoreboard with image background 🔶 Tournament Bracket 🔶 Commentary Match section with new events 🔶 Head to Head matches section in Match 🔶 import data from external APIs (required a valid subscription) 🔶 Standing – manual data edit 🔶 Standing – columns order and visibility 🔶 Standing – Conference support 🔶 Standing – more ranking rules 🔶 Matches Horizontal Scoreboard (shortcode) 🔶 Competition – matchweeks as slides 🔶 Results Matrix 🔶 Standing Arrows – Dynamics of Ranking changes 🔶 Widget – Next match extended (timer or flipped countdown) 🔶 Widget – Competition Matchweek slides 🔶 Widget – Calendar 🔶 Calendar Slider 🔶 Card Suspension 🔶 Transfers 🔶 <a href="https://anwp.pro/seo-options-in-layout-builder-title-and-description/" rel="nofollow ugc">Dynamic SEO Options</a> 🔶 Send Game Report by Email 🔶 <a href="https://anwp.pro/docs/football-leagues/pro-features/user-timezone/" rel="nofollow ugc">Automatic User’s Timezone</a> 🔶 <a href="https://anwp.pro/docs/football-leagues/pro-features/ai-writer/" rel="nofollow ugc">AI Match Reports</a> 🔶 <a href="https://anwp.pro/docs/football-leagues/pro-features/club-history-historical-logos-names/" rel="nofollow ugc">Club History</a> – Historical logos and names 🔶 <a href="https://anwp.pro/docs/football-leagues/pro-features/entity-links/" rel="nofollow ugc">Entity Links</a> – Custom links for clubs, players, and more 🔶 Advanced Statistics 🔶 Charts: Team Default Statistics & Goals per 15 min. interval 🔶 Player stats section in Club 🔶 Player & Referee stats panel 🔶 24 different shortcodes 🔶 premium support <a href="https://anwp.pro/football-leagues-premium/" rel="nofollow ugc">Find Out more about Premium Version</a> <a href="https://anwp.pro/the-most-powerfull-football-soccer-wordpress-plugin/" rel="nofollow ugc">Plugin Overview</a> <h4>Translations included</h4> <ul> <li>English – default, always included</li> <li>Russian: Русский</li> <li>Polish: Polski (thanks to @forzza)</li> <li>Danish: Denmark (thanks to @cbdk)</li> <li>French: thanks to @belgofoot</li> <li>Italian: thanks to Paolo</li> <li>Slovenian: thanks to Nejc</li> <li>Romanian: thanks to Gabriel</li> <li>German: thanks to Jörg and Sven</li> <li>Greek: thanks to spirossm</li> <li>Spain: thanks to Màxim</li> <li>Brazil (Portuguese): thanks to Marcelo</li> <li>Dutch: thanks to Patrick</li> </ul> <h4>The plugin requires</h4> <blockquote> PHP version 5.6 or greater WordPress 4.7 or greater <a href="https://wordpress.org/plugins/cmb2/" title="CMB2" rel="ugc">CMB2 plugin</a> </blockquote>

WordPress Plugin Directory

74.3K